I'm getting the error: "Wildcards cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true." when trying to access a c# httplistener program from a javascript socket.io webpage.
what I don't understand is I have the following code setting access control allow credentials to FALSE:
// Note: The GetContext method blocks while waiting for a request.
HttpListenerContext context = listener.GetContext();
UpdateListbox(PluginCore.listMain, "HTTP Client connected", true);
HttpListenerRequest request = context.Request;
// Obtain a response object.
HttpListenerResponse response = context.Response;
response.AddHeader("Access-Control-Allow-Credentials", "false");
response.AddHeader("Access-Control-Allow-Origin", "*");
response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
// Construct a response.
string responseString = "Hello world!";
byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
// Get a response stream and write the response to it.
response.ContentLength64 = buffer.Length;
System.IO.Stream output = response.OutputStream;
output.Write(buffer, 0, buffer.Length);
// You must close the output stream.
output.Close();
It makes no sense to me. Can anybody point out what i'm doing wrong?
The
XmlHttpRequest
sent from JavaScript should not have thewithCredentials = true;
OR the response should not send theAccess-Control-Allow-Credentials
header or its value should betrue
in order for the browser to actually send the response back. This is due to security constraints in CORS. https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS#Requests_with_credentials